SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()

Done as part of hardening the server-side RPC header encoding path. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

SUNRPC: Use xdr_stream to encode Reply verifier in svcauth_tls_accept()
Done as part of hardening the server-side RPC header encoding path. Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
df18f9cc · Chuck Lever · 3b03f3c5 · df18f9cc
Commit df18f9cc authored Jan 08, 2023 by Chuck Lever
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 9 deletions

net/sunrpc/svcauth_unix.c net/sunrpc/svcauth_unix.c +13 -9

No files found.
--- a/net/sunrpc/svcauth_unix.c
+++ b/net/sunrpc/svcauth_unix.c
@@ -822,9 +822,9 @@ svcauth_tls_accept(struct svc_rqst *rqstp)
 {
 	struct xdr_stream *xdr = &rqstp->rq_arg_stream;
 	struct svc_cred	*cred = &rqstp->rq_cred;
-	struct kvec *resv = rqstp->rq_res.head;
 	u32 flavor, len;
 	void *body;
+	__be32 *p;
 	/* Length of Call's credential body field: */
 	if (xdr_stream_decode_u32(xdr, &len) < 0)
@@ -855,17 +855,21 @@ svcauth_tls_accept(struct svc_rqst *rqstp)
 	if (cred->cr_group_info == NULL)
 		return SVC_CLOSE;
-	/* Reply's verifier */
+	svcxdr_init_encode(rqstp);
-	svc_putnl(resv, RPC_AUTH_NULL);
 	if (rqstp->rq_xprt->xpt_ops->xpo_start_tls) {
-		svc_putnl(resv, 8);
+		p = xdr_reserve_space(&rqstp->rq_res_stream, XDR_UNIT * 2 + 8);
-		memcpy(resv->iov_base + resv->iov_len, "STARTTLS", 8);
+		if (!p)
-		resv->iov_len += 8;
+			return SVC_CLOSE;
-	} else
+		*p++ = rpc_auth_null;
-		svc_putnl(resv, 0);
+		*p++ = cpu_to_be32(8);
+		memcpy(p, "STARTTLS", 8);
+	} else {
+		if (xdr_stream_encode_opaque_auth(&rqstp->rq_res_stream,
+						  RPC_AUTH_NULL, NULL, 0) < 0)
+			return SVC_CLOSE;
+	}
 	rqstp->rq_cred.cr_flavor = RPC_AUTH_TLS;
-	svcxdr_init_encode(rqstp);
 	return SVC_OK;
 }